In an embodiment, a method comprises intercepting, using a server computer, a first set of instructions that define a user interface and a plurality of links, wherein each link in the plurality of links is associated with a target page, and the plurality of links includes a first link; determining that the first link, which references a first target page, is protected; in response to determining the first link is protected: generating a first decoy link that corresponds to the first link, wherein the first decoy link includes data that references a first decoy page which includes false information; rendering a second set of instructions that defines the first decoy link, wherein the second set of instructions is configured to cause a first client computer to hide the first decoy link from the user interface; sending the second set of instructions to the first client computer.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method comprising: intercepting, using a server computer, a first set of instructions that define a user interface and a plurality of links, wherein each link in the plurality of links is associated with a target page, and the plurality of links includes a first link; determining that the first link references a first target page; determining that the first target page is protected; in response to determining the first target page is protected, generating a first decoy link that corresponds to the first link; wherein the first decoy link includes data that references a first decoy page and not the first target page, wherein the first decoy page includes false information; rendering a second set of instructions define the first decoy link, wherein the second set of instructions are configured to cause a first client computer to hide the first decoy link from the user interface; sending the second set of instructions to the first client computer; wherein the method is performed by one or more computing devices.
A server intercepts website code containing links. If a link points to a "protected" page, the server creates a fake "decoy" link that looks real but directs to a decoy page with false information. The server then sends instructions to the user's browser to hide the decoy link from being displayed on the webpage. This entire process is executed by one or more computers.
2. The method of claim 1 further comprising: intercepting, from the server computer, a third set of instructions that defines the first link; determining that the first link references the first target page; determining that the first target page is protected; in response to determining the first target page is protected, generating a second decoy link that includes data that references a second decoy page and not the first target page, wherein the second decoy link is different than the first decoy link; rendering a fourth set of instructions define the second decoy link, which is configured to cause the first client computer to hide the second decoy link from the user interface; sending the fourth set of instructions to the first client computer.
The server intercepts website code that defines a link. If the link points to a protected page, the server creates a first fake "decoy" link that redirects to a decoy page containing incorrect information. A second, different decoy link is created, which also redirects to a potentially different decoy page. Instructions are then sent to the user's browser to hide both decoy links from being displayed.
3. The method of claim 1 further comprising: receiving, from the first client computer, a first request indicating that the first decoy link was selected; in response to determining the first decoy link was selected, generating a decoy page with one or more decoy links, which when selected generate an additional request for an additional decoy page with one or more additional decoy links; sending, to the first client computer, the decoy page.
A user clicks on the hidden decoy link. The server receives a request indicating the decoy link was selected. In response, the server generates a decoy page containing one or more additional decoy links. These new decoy links, when selected, lead to further decoy pages, creating a chain of fake content. The initial decoy page is then sent to the user's browser.
4. The method of claim 1 , wherein the first decoy link includes a key, and the method further comprising: storing the key indicating that the key is invalid; receiving, from the first client computer, a first request with the key indicating the first decoy link was selected; determining the key is invalid; in response to determining that the key is invalid, generating a decoy page with one or more decoy links that are configured to cause generating an additional request for an additional decoy page with one or more additional decoy links; sending the first target page to the first client computer.
A decoy link includes an invalid key. The server receives a request with this key, identifies it as invalid, and responds by generating a decoy page containing one or more additional decoy links. These new decoy links, when selected, lead to further decoy pages, creating a chain of fake content. Finally, instead of continuing the decoy chain, the server redirects the user to the actual protected target page.
5. The method of claim 1 further comprising: in response to determining the first target page is protected, generating a first protected link that corresponds to the first link and is different than the first decoy link; wherein the first protected link is different than the first link and includes a key that authenticates a first request that has been generated based on the first protected link and that references the first target page.
This invention relates to web security, specifically methods for protecting access to sensitive web pages while maintaining usability. The problem addressed is the need to prevent unauthorized access to protected web pages while ensuring legitimate users can still navigate to them without disruption. The invention describes a system where a web page contains multiple links to target pages, some of which may be protected. When a user attempts to access a protected target page, the system generates a protected link that differs from the original link and includes an authentication key. This key authenticates subsequent requests to the protected page, ensuring only authorized users can access it. The protected link is distinct from both the original link and any decoy links that may be present, which are used to mislead potential attackers. The authentication key embedded in the protected link verifies the legitimacy of the request, allowing access only to authorized users. This approach enhances security by dynamically generating unique, authenticated links for protected content while maintaining a seamless user experience for legitimate users. The system ensures that even if an attacker intercepts a decoy link, they cannot access the protected page without the proper authentication key.
6. The method of claim 5 , wherein the second set of instructions are configured to cause a first client computer to display the first protected link in the user interface.
Building upon the previous claim about protected links, the instructions sent to the user's browser are configured to display the "protected link" within the user interface, making it visible to the user, while the decoy link remains hidden. The user should be able to see and interact only with the protected link.
7. The method of claim 5 further comprising: storing the key indicating that the key is valid; receiving, from the first client computer, the first request with the key indicating the first protected link was selected; determining the key is valid; in response to determining the key is valid, sending a second request to the server computer for a set of valid data to generate the first target page; generating the first target page with the set of valid data; sending the first target page to the first client computer.
The server stores the key from the "protected link" and marks it as valid. When a user clicks the protected link, the server receives the request with the key, verifies it's valid, then requests the actual, valid data required to generate the target page. The server then generates the target page using this valid data and sends the protected target page to the user's browser.
8. The method of claim 7 further comprising: invalidating the key; receiving, from a second client computer, a third request with the key; determining that the key is invalid; in response to determining that the key is invalid, generating a decoy page with one or more decoy links that are configured to cause generating an additional request for an additional decoy page with one or more additional decoy links; sending, to the second client computer, the decoy page.
After a protected link has been used once, the server invalidates its key. If another user (or the same user from a different device) tries to use the same protected link (now with an invalid key), the server detects the invalid key and sends the user to the series of decoy pages, preventing unauthorized access to the real content.
9. The method of claim 8 , wherein the first client computer and the second client computer are a single computer.
The first client (who successfully accessed the protected page) and the second client (who tried to reuse the key) are the same computer, demonstrating the key invalidation prevents even the original user from accessing the page a second time using the same link.
10. A computer system comprising: a processor; a memory; a processing module configured to: intercept, using a server computer, a first set of instructions that define a user interface and a plurality of links, wherein each link in the plurality of links is associated with a target page, and the plurality of links includes a first link; determine that the first link references a first target page; determine that the first target page is protected; in response to determining the first target page is protected, generate a first decoy link that corresponds to the first link; wherein the first decoy link includes data that references a first decoy page and not the first target page, wherein the first decoy page includes false information; render a second set of instructions define the first decoy link, wherein the second set of instructions are configured to cause a first client computer to hide the first decoy link from the user interface; send the second set of instructions to the first client computer.
A computer system includes a processor and memory. A processing module intercepts website code containing links. If a link points to a protected page, the module creates a fake "decoy" link that looks real but directs to a decoy page with false information. The module then sends instructions to the user's browser to hide the decoy link from being displayed on the webpage.
11. The computer system of claim 10 , wherein the processing module is further configured to: intercept, from the server computer, a third set of instructions that defines the first link; determine that the first link references the first target page; determine that the first target page is protected; in response to determining the first target page is protected, generate a second decoy link that includes data that references a second decoy page and not the first target page, wherein the second decoy link is different than the first decoy link; render a fourth set of instructions define the second decoy link, which is configured to cause the first client computer to hide the second decoy link from the user interface; send the fourth set of instructions to the first client computer.
The computer system, as described in Claim 10, further intercepts website code that defines a link. If the link points to a protected page, the system creates a first fake "decoy" link that redirects to a decoy page containing incorrect information. A second, different decoy link is created, which also redirects to a potentially different decoy page. Instructions are then sent to the user's browser to hide both decoy links from being displayed.
12. The computer system of claim 10 , wherein the processing module is further configured to: receive, from the first client computer, a first request indicating that the first decoy link was selected; in response to determining the first decoy link was selected, generate a decoy page with one or more decoy links, which when selected generate an additional request for an additional decoy page with one or more additional decoy links; sending, to the first client computer, the decoy page.
The computer system described in Claim 10 includes a processing module. A user clicks on the hidden decoy link. The module receives a request indicating the decoy link was selected. In response, the module generates a decoy page containing one or more additional decoy links. These new decoy links, when selected, lead to further decoy pages, creating a chain of fake content. The initial decoy page is then sent to the user's browser.
13. The computer system of claim 10 comprising a storage, wherein the first decoy link includes a key and the processing module is further configured to: store the key indicating that the key is invalid; receive, from the first client computer, a first request with the key indicating the first decoy link was selected; determine the key is invalid; in response to determining that the key is invalid, generate a decoy page with one or more decoy links that are configured to cause generating an additional request for an additional decoy page with one or more additional decoy links; send the first target page to the first client computer.
The computer system in Claim 10 also includes storage. A decoy link includes an invalid key. The processing module receives a request with this key, identifies it as invalid, and responds by generating a decoy page containing one or more additional decoy links. These new decoy links, when selected, lead to further decoy pages, creating a chain of fake content. Finally, instead of continuing the decoy chain, the processing module redirects the user to the actual protected target page.
14. The computer system of claim 13 , wherein the processing module is further configured to: in response to determining the first target page is protected, generate a first protected link that corresponds to the first link and is different than the first decoy link; wherein the first protected link is different than the first link and includes a key that authenticates a first request that has been generated based on the first protected link and that references the first target page.
Building upon the computer system in Claim 13, if a link points to a protected page, the processing module creates both a decoy link (as described in Claim 10) and a "protected link". This protected link is different from both the original link and the decoy link. It contains a key that can be used to authenticate the request and verify that it's a legitimate user trying to access the protected target page.
15. The computer system of claim 14 , wherein the second set of instructions are configured to cause a first client computer to display the first protected link in the user interface.
Expanding on the system described in Claim 14, the instructions sent to the user's browser are configured to display the "protected link" within the user interface, making it visible to the user, while the decoy link remains hidden. The user should be able to see and interact only with the protected link.
16. The computer system of claim 14 comprising a storage, wherein the processing module is further configured to: store the key indicating that the key is valid; receive, from the first client computer, the first request with the key indicating the first protected link was selected; determine the key is valid; in response to determining the key is valid, send a second request to the server computer for a set of valid data to generate the first target page; generate the first target page with the set of valid data; send the first target page to the first client computer.
The computer system described in Claim 14 also includes a storage. The processing module stores the key from the "protected link" and marks it as valid. When a user clicks the protected link, the processing module receives the request with the key, verifies it's valid, then requests the actual, valid data required to generate the target page. The processing module then generates the target page using this valid data and sends the protected target page to the user's browser.
17. The computer system of claim 16 , wherein the processing module is further configured to: invalidate the key; receive, from a second client computer, a third request with the key; determine that the key is invalid; in response to determining that the key is invalid, generate a decoy page with one or more decoy links that are configured to cause generating an additional request for an additional decoy page with one or more additional decoy links; send, to the second client computer, the decoy page.
Expanding on the system described in Claim 16, after a protected link has been used once, the processing module invalidates its key. If another user (or the same user from a different device) tries to use the same protected link (now with an invalid key), the processing module detects the invalid key and sends the user to the series of decoy pages, preventing unauthorized access to the real content.
18. The computer system of claim 17 , wherein the first client computer and the second client computer are a single computer.
Within the computer system of Claim 17, the first client (who successfully accessed the protected page) and the second client (who tried to reuse the key) are the same computer, demonstrating the key invalidation prevents even the original user from accessing the page a second time using the same link.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
October 27, 2015
April 11, 2017
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.